Using Reply-To Phishing
With reply-to phishing, you can test your users’ vulnerability to phishing attacks by tracking replies they send to Phishing Security Tests (PSTs) during a phishing campaign. You can download a user’s reply from the KMSAT console and review it to help identify what additional training the user needs. To learn more, see the guide below or watch our Reply-To Phishing video.
Setting Up Reply-To Phishing
To enable reply-to phishing, navigate to the Phishing tab in your KMSAT console and click the + Create Phishing Campaign button. From here, scroll down until you see the Track Activity section.
Fill out the fields in this section. For more information, see the list below:
- Track Replies to Phishing Emails: You can select this check box to track your users' replies to phishing test emails.
- Custom Reply-to Address Domain: This is the email address your users will see when receiving a phishing test email. These email addresses are created automatically, but you can override the default domain by entering a different domain.
- Keep reply content for later review: Select this check box to save replies your users send to phishing test emails. The information saved includes text and attachments.
- Record out of office replies: Select this check box to count any auto-generated out-of-office replies to phishing emails as a failure. This setting can be helpful if you’d like to see the information that users include in their out-of-office replies that could be used by cybercriminals. For example, you can see if your users include their work phone number and email address, which can be used in targeted phishing attacks.
Downloading Replies
You can view your users' replies to see how they interact with the phishing test email. To view replies, follow the steps below:
- Navigate to Phishing > Campaigns.
- Click the campaign you want to download responses from.
- Inside the campaign’s menu, navigate to Users > Replied.
- Inside the Replied tab, navigate to the user whose replies you want to download.
- Click the View User’s Replies arrow.
- In the modal that opens, click the Download Raw Email text.
If your user replies multiple times to the same phishing email, we only record the first reply. If your user sends sensitive information that you have to delete, click Delete Reply Content found under Download Raw Email. Deleting your recorded messages will not impact your active phishing campaign.
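The following is an added example, not part of the original article or KnowBe4's tooling. It triages a reply saved with Download Raw Email, reporting whether it is an automatic out-of-office reply and which phone numbers or email addresses its body discloses. It assumes the download is a standard RFC 5322 message; the sample message, function names and regular expressions are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample reply; assumes the download is a standard RFC 5322 message.
SAMPLE_REPLY = """\
From: Pat Example <pat@example.com>
To: helpdesk@reply.example.net
Subject: Automatic reply: Password expiry notice
Auto-Submitted: auto-replied
Content-Type: text/plain; charset="utf-8"

I am out of the office until Monday. For urgent matters call my
desk line at +1 (555) 010-0199 or email my manager sam@example.com.
"""

# Deliberately simple patterns (assumptions); tune them for your locale.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d ().-]{7,}\d")


def is_auto_reply(msg):
    """RFC 3834: any Auto-Submitted value other than 'no' is an automatic message."""
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return True
    # Heuristic fallback for responders that only set the older Precedence header.
    return (msg.get("Precedence") or "").strip().lower() == "auto_reply"


def triage_reply(raw):
    """Summarise what one downloaded reply discloses, without printing the body."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    return {
        "auto_reply": is_auto_reply(msg),
        "emails_in_body": sorted(set(EMAIL_RE.findall(body))),
        "phones_in_body": PHONE_RE.findall(body),
        # The article notes saved replies can include attachments.
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
    }


if __name__ == "__main__":
    print(triage_reply(SAMPLE_REPLY))
```

Because the summary lists only matched contact details and attachment names, it can be shared with a training lead without circulating the full reply text.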
Checking Replies in Your KMSAT Console
You can also see whether a user replied to a phishing email without reading their reply. To check replies, navigate to Phishing > Campaign and click the training campaign you want to view. From here, click the Users tab and you will see the Recipients section. A check mark will display under the Replied tab if that user replied to the phishing email.